"Fake" Rudd email: Why wasn't it checked?

By Lilia Guan on Jun 25, 2009 6:00 AM
Filed under Security

Five minutes is all it takes to authenticate an email, according to one IT security expert.

The Australian Federal Police (AFP) is currently conducting a preliminary forensic investigation of computers located at a premises in Canberra and at the offices of the Department of Treasury, in relation to the email at the centre of the 'Utegate' scandal.

The scandal broke out when opposition leader Malcolm Turnbull's accused Prime Minister Rudd (pictured) of using his powers to help to a car dealer friend, though the debate is now focused on an alleged "fake email" from the Prime Minister.

In a statement to the media, Prime Minister Rudd said "Turnbull's allegations are based on the existence of an alleged email between a staff member of mine and a Treasury official on the 19th of February".

The AFP has confirmed; "Preliminary results of those forensic examinations indicate that the e-mail referred to at the centre of this investigation has been created by a person or persons other than the purported author of the e-mail."

Ajoy Ghosh, security executive at Logica told CRN the AFP were taking their time on investigating where the email came from due to political sensitivity.

"This is literally a five minute job," he said.

"They are taking so long because they want to play it safe."

Ghosh told CRN that if Liberal Party members were in receipt of the alleged 'fake' email, they could've taken it to their email administrator to have it authenticated.

"It literally takes five minutes to check if an email is kosher," he said.

"Why didn't the opposition do more to check the authenticity of the email before making accusations?

"I wouldn't expect opposition leader Malcolm Turnbull to be able to determine the authenticity of an email, but an administrator or even a forensic expert would know what to look for."

Ghosh said most Australian corporations and government agencies have gateways, firewalls and security in place to prevent unauthorised email and spam from getting into a user's email box.

However, if a user is authorised to use a computer and sends a forged email to another person in the same building, then the security product would not be able to prevent it from getting through, he said.

"If that is the case then authentication of the user won't matter," said Ghosh.

"You can't stop someone from using a legitimate email box for the wrong reasons.

"Despite the actions of that person, it doesn't negate the fact that the recipient of a suspicious email didn't have it verified."

Ghosh said it doesn't take a "forensic expert" to know if an email is suspicious.

Follow us on Facebook and Twitter


"Fake" Rudd email: Why wasn't it checked?
Top Stories
How to turn your old laptop into a Chromebook
Turn a sluggish Windows notebook into a speed machine.
Judge forces woman to give fingerprint to unlock iPhone
FBI warrant pins 29-year-old woman.
SMS chief falls on sword, 100 staffers gone
Chairman: "performance has been disappointing".
Sign up to receive CRN email bulletins
Meeting which tech founder would leave you most starstruck?

Latest Comments
CRN Magazine

Issue: 347 | March 2016

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.